On Mon, 2008-09-29 at 19:20 -0500, Will Fiveash wrote: ... > pkinit_open_session(): > > /* Init */ > /* Solaris Kerberos XXX */ > r = cctx->p11->C_Initialize(NULL); > > and > if ((r = cctx->p11->C_OpenSession(slotlist[i], CKF_SERIAL_SESSION, > NULL, NULL, &cctx->session)) != > CKR_OK) > > - Be aware that pkcs11 session handles are not fork safe. Do you know > whether the cctx will be used across a fork? See: > 5102151 krb contexts are not fork safe > for the krb bug relating to this issue.
The pkinit plugin doesn't fork(). The cctx->session is only used in the context of the pkinit plugin which does a C_Initialize() before using any sessions and finishes with a C_Finalize(). The code looks fine to me in this regard. -M
